VDB
GCVE-110-MAGEIA-2019-65
GCVE-110-MAGEIA-2019-65
Advisory Published
In the marshmallow library before 2.15.1 for Python, the schema "only"
option treats an empty list as implying no "only" option, which allows a
request that was intended to expose no fields to instead expose all fields
(if the schema is being filtered dynamically using the "only" option, and
there is a user role that produces an empty value for "only")
(CVE-2018-17175).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | mingw-gcc | 0 (affected), 8.3.0-1.1.mga7 (unaffected) | — |
| Mageia | python-marshmallow | 0 (affected), 2.2.1-0.5.gitea1def9.mga6 (unaffected), 0 (affected), 2.2.1-0.5.gitea1def9.mga6 (unaffected) | — |
Aliases
References
Browse GCVE Records
72,096 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.